CipherStash takes the security of our software, infrastructure, and customers extremely seriously.
This document describes the security posture, reporting process, and guidelines for the Proxy repository.

This repository contains the source code for CipherStash Proxy, including:

• The CipherStash Proxy binary
• Docker containers and Docker Compose configuration
• Encryption migration tool

All software follows semantic versioning and undergoes internal security review, automated analysis, and reproducible builds as part of our SDLC.

If you believe you have found a security vulnerability in any CipherStash code, service, or dependency:

📧 Please email: [email protected]

We request that you do not publicly disclose the issue before we have had a chance to investigate and provide a fix.

When reporting, please include (as applicable):

• Description of the vulnerability
• Steps to reproduce
• Impact assessment or potential misuse
• Any relevant logs, PoCs, or screenshots
• Suggested remediation (if you have one)

We will acknowledge receipt within 48 hours and provide regular updates until the issue is resolved.

CipherStash follows a coordinated responsible disclosure process:

1. Submit report privately via [email protected].
2. Acknowledgement within 48 hours.
3. Assessment of severity using CVSS and internal risk models.
4. Fix development and patch release in a private branch.
5. Coordinated disclosure, including:
   • New patch release(s)
   • Security advisory on GitHub
   • Credit to reporter (optional)

We will never take legal action against good-faith security researchers who follow this policy.

The following are in scope:

• The cipherstash/proxy GitHub repository
• All published Docker images published to Docker Hub under cipherstash/proxy
• Proxy cryptographic implementations, configuration layers, and CLI tooling
• Key-handling, authenticated encryption behaviour, JSON/JSONB field-level encryption flows
• Documentation or code examples that could lead to insecure usage
• CipherStash’s internal infrastructure
• CipherStash CTS, ZeroKMS, or other backend products

The following are out of scope:

• Example schema and configuration (though we are still grateful for any relevant disclosires there)
• Social engineering, physical attacks, or denial-of-service
• Attacks requiring privileged access to developer machines or CI/CD infrastructure

To maintain a strong security posture, contributors MUST:

• Do not modify cryptographic primitives without prior discussion
• Avoid introducing new crypto dependencies without prior discussion
• Never check in test keys, secrets, or example credentials

• Avoid adding dependencies unless necessary
• Keep dependencies updated and vetted
• Use TypeScript for all new code
• Ensure all code paths that handle keys or encrypted data include type-safe boundaries

• Submit PRs with tests covering edge cases and misuse-resistant behaviour
• Flag any changes involving key derivation, key wrapping, AAD, or encryption modes for mandatory security review
• Do not merge PRs that downgrade security controls or introduce unsafe defaults

For general questions about CipherStash security practices (not security incidents), contact:

📧 [email protected]

For vulnerability disclosures:

📧 [email protected]

Thank you for helping keep Proxy and the wider CipherStash ecosystem secure.